package cn.wolfcode.web.controller;

import cn.wolfcode.ssm.domain.Employee;
import cn.wolfcode.ssm.page.JsonPage;
import cn.wolfcode.ssm.service.IEmployeeService;
import cn.wolfcode.ssm.service.IPermissionService;
import cn.wolfcode.ssm.util.UserContext;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import sun.security.util.Password;

import javax.servlet.http.HttpSession;
import java.util.List;

@Controller
public class LoginController {

    @Autowired
    private IEmployeeService employeeService;

    @Autowired
    private IPermissionService permissionService;

    // 判断登陆
    @RequestMapping("/login.do")
    @ResponseBody
    public JsonPage login(String username, String password, HttpSession session){
        try {
            System.out.println(username);
            System.out.println(password);
            Employee employee = employeeService.login(username, password);


           // session.setAttribute("EMPLOYEE_IN_SESSION",employee);
            UserContext.setCurrentUser(employee);
            // 拿到当前用户所有的权限表达式.在判断用户是否有对应权限时候时候
            // 是超管就不用拿
            if (!employee.isAdmin()){
                // 执行响应的Sql语句拿到当前员工的所有权限集合
                List<String> permissions = permissionService.selectedByEmpId(employee.getId());
                // session.setAttribute("PERMISSION_IN_SESSION",permissions);
                // 装到session中
                UserContext.setPermissions(permissions);
            }
            return new JsonPage();
        }catch (Exception e){
            e.printStackTrace();
            return new JsonPage(false,e.getMessage());
        }
    }


    // 注销实现
    @RequestMapping("/loginOut")
    public String  loginOut(HttpSession session){
        // 删除session
        session.invalidate();
        // 跳转回登陆界面
        return "redirect:/login.html";
    }





    @RequestMapping("/updatePwd")
    @ResponseBody
    public JsonPage updatePwd(String oldPassword,String newPassword,HttpSession session){
        // 通过用户登陆拿到对应用户的Id,作为判断原密码有没有输入正确时查询Sql语句的判断条件
        Employee employee = (Employee) session.getAttribute("EMPLOYEE_IN_SESSION");
        // 拿到对应人的密码和传上来的就密码做对比
        String password = employeeService.contrastPassword(employee.getId());
        // 如果输入的老密码正确
        if (oldPassword.equals(password)){
            // 就执行修改密码方法
            employeeService.updatePassword(employee.getId(),newPassword);
            // 同时删除session 返回到登陆页面
            session.invalidate();
         return new JsonPage();
        }
        return new JsonPage(false,"原密码输入错误");

    }

    // 管理员重置密码
    @RequestMapping("/resetPassword")
    @ResponseBody
    public JsonPage resetPwd(String newPassword,Long userId){
        // 管理员传上来的新密码和对应用户的Id(法相一直拿不到,可能是前端传过来是String类型,Sql语句需要的是Long类型,就改用name来做判断条件)
        System.out.println(userId);
        System.out.println(newPassword);
        employeeService.resetPwd(newPassword,userId);
        return new JsonPage();
    }


}
